Battle Second best zero-day security (after common sense)?


Marco2 (Thread author), Jun 19, 2015
Which AV is known for its quick response to new attacks? Should I have non-traditional AV software? I went through similar threads but I'm not sure there was a definitive answer :confused:
 
> Which AV is known for its quick response to new attacks? Should I have non-traditional AV software? I went through similar threads but I'm not sure there was a definitive answer :confused:

For "non-traditional" configuration you might want to consider:

1. Shadow Defender (light virtualization; paid)
2. AppGuard (anti-executable; paid)
3. Windows Firewall Control (outbound firewall notifications; paid)
4. Emsisoft Emergency Kit (on-demand signature-based scanner; freeware)

Depending upon the browser you use, it might be worthwhile to take a look at HitmanPro.Alert (another paid one) for anti-exploit protection. However, it is not necessary unless you use widely targeted software and don't keep it up-to-date (e.g. Microsoft Office, Windows Media Player, Adobe products, etc.).

Alternatively, you can try Comodo Internet Security or Firewall (both freeware) with VooDooShield (freeware version) or NoVirusThanks Exe Radar Pro (freeware). This gives a good firewall with anti-executable and sandbox.

There is no "right" or "best" answer where zero-days are concerned, but anti-executable + light virtualization + outbound firewall notifications is about as "bullet-proof" as you can configure a system... without over-dependence/reliance upon signatures.
 
Time Freeze is FREE

Note: Time Freeze only freezes drive C:. If you have more than one drive, the others are not covered. Another thing is that you can add folders in drive C: for exclusion.

Hello.

IMO, suggesting virtualization (like Shadow Defender) will not cover the user against zero-day threats. Yes, virtualization will "undo" infections, but it could NEVER prevent an "infected session" from happening. During that infected session, important info like credit card info could have been already stolen.

As I understand it, the best products that will protect the user from 0-day threats are products with HIPS, those with a Behavior Blocker, and anti-executables.

HIPS: Comodo, PrivateFirewall (for Windows 8), Online Armor (Free or Paid in Windows 7)
Behavior Blocker: Emsisoft Anti-Malware, Emsisoft Internet Security
Anti-Executables: NoVirusThanks EXE Radar Pro (soon to be freeware), VoodooShield (Free or Paid - for me the easiest to use yet so effective)
 
> IMO, suggesting virtualization (like Shadow Defender) will not cover the user against zero-day threats. Yes, virtualization will "undo" infections, but it could NEVER prevent an "infected session" from happening. During that infected session, important info like credit card info could have been already stolen.

I might. BUT who would set up a virtual environment for malware testing where info about credit cards and passwords is there for easy picking? Even using Sandboxie, there must be precautions taken so not all folders and their contents can be shared. @Cowpipe mentioned this in a post last year, as a means of safeguarding important info.
 
> I might. BUT who would set up a virtual environment for malware testing where info about credit cards and passwords is there for easy picking? Even using Sandboxie, there must be precautions taken so not all folders and their contents can be shared. @Cowpipe mentioned this in a post last year, as a means of safeguarding important info.

Yes of course. But as I understood the OP, he never mentioned setting up a virtual environment. It seemed that he's asking from the viewpoint of regular computer usage. That's why I offered a straightforward answer for regular computer usage that will protect against 0-day threats. Unless I did not understand him.
 
HIPS are totally useless in the hands of anyone except people who are already so familiar with coding and the OS that HIPS software wouldn't even be needed. All HIPS does is either go absolutely batcrap insane in the most mundane of situations such as updating, or it gets "tamed" down to "newb" mode so badly that it just sits there and doesn't bother you... completely negating the purpose. The truth is, a good zero day isn't going to be caught by anything. You think Stuxnet would have been caught by cranking Comodo up to 11? Nope. Use a firewall, an AV, a good browser and maybe MBAM. The rest is done by not being stupid.
 
> HIPS are totally useless in the hands of anyone except people who are already so familiar with coding and the OS that HIPS software wouldn't even be needed. All HIPS does is either go absolutely batcrap insane in the most mundane of situations such as updating, or it gets "tamed" down to "newb" mode so badly that it just sits there and doesn't bother you... completely negating the purpose. The truth is, a good zero day isn't going to be caught by anything. You think Stuxnet would have been caught by cranking Comodo up to 11? Nope. Use a firewall, an AV, a good browser and maybe MBAM. The rest is done by not being stupid.

I agree, and you really have to know how to configure HIPS properly, and have enough knowledge about what to allow etc.!!
 
I'm not even sure virtualization would matter for the "heavy hitters" of malware, i.e., the ones that actually pose a serious "holy hell this sucks" threat. Things like Returnil, Sandboxie, etc., have been around long enough that lots of malware authors plan for it. If the malware detects that kind of software, it sits there and does nothing, or it breaks through. These specialized tools that worked wonders back in 2010 are not likely to be as effective now. Remember, the bad guys use the same tools the good guys use. They know what's out there and what can and can't be broken... yet.
Most AVs today no longer fit the meaning of 'traditional' (pure signatures only), except Avira, where cloud features are one of the main protections it relies on to obtain accurate enough detection.

AVG = Includes Identity Protection for behavior protection
Bitdefender = AVC + B-HAVE
Avast = HIPS (Beta version) / DeepScreen + "Deny unknown program" feature by setting it to automatic
Panda = Behavior Monitor + Analysis
F-Secure = BB DeepGuard
Emsisoft = BB, formerly the Mamutu version
Norton = SONAR BB besides cloud protection from Download Insight
Kaspersky = Application Control + HIPS (with limitations on x64) + Behavior analysis
G Data, Trend Micro = Behavior blocker without user interaction needed per default settings
ESET = powered by Sandbox analysis for accurate detection + HIPS

You have many choices which work in the background without your awareness, unless you touch the settings for how they perform. Actually, common sense will be your FIRST and SECOND line of defense, followed by backup and virtualization.

Other complex configurations need fully trained knowledge, like Anti-Executable or full Default-Deny protection, where you need to maintain any changes.
 
Some real good advice in this thread and some real bad.

Some seem to mention whatever they are using, because they think they are protected.

Light virtualization or full blown VM - it will have absolutely no defense against an exploit.
Anything happening in a session will be compromised.
And there's no hint to tell you that you have been hit, except two days later when your bank account has been emptied.

HIPS or Behavior Blockers - absolutely no defense against an exploit.
It might trigger on a payload if such is downloaded, but that's far too late in the game.
From the moment that the vulnerability is exploited, anything can happen.
And it can be done from memory.
No payload for the HIPS or Behavior Blocker to trigger on.

Outbound firewall blocking - absolutely no defense against exploits.
And absolutely no defense against malware in general.
There is nothing in an exploit that in any way will be affected by a firewall.
The connection is already established, the vulnerability is being exploited, all bets are off on what was done, and should any payload be fetched, then it will be done from an already trusted program. Your old-fashioned application firewall will smile happily at you, while everything passes it.

On-demand scanners - well, this kind of goes without saying - no protection against exploits. They are cleaners, not real-time protection.

So what actually works??

Right now the most powerful Anti-Exploit solution is HitmanPro.Alert.
And if you have an Intel i3, i5 or i7 CPU, then it will be hardware assisted, making it even stronger.

HitmanPro.Alert also contains a lot more, like CryptoGuard. It's a true powerhouse.

If you pair HitmanPro.Alert with any AV out there, then you will be very, very well guarded.
All without you having to worry about tinkering with settings or any such things.
It will set itself up upon installation.
 
HIPS you run in training mode on a clean system and re-train when you make major changes; you don't just "install and forget" HIPS.

The pattern I'm seeing with virtualization is a false sense of security. Unless you build a VM completely isolated from your data (VirtualBox, VMware, Hyper-V -- not Shadow Defender, et al.), you have only protected your host from damage, not your data (the important part) from theft.

Backups protect your data from loss, not theft.

I just popped SecureAPlus on my VM (free for 1 year or 18 months at one of the giveaway sites) and am running it on my downloads folder (~280GB) and oh my is it slow -- even the initial full scan (only C drive) was slow and you can't abort it. It looks really good for a second through eleventh opinion scanner.

The only 100% defence against 0-day attacks is the power switch. :p If that is too stringent for you, then, in order of importance:

-1. Switch to Linux
0. 0-day software updates
1. Never, ever, ever click on an ad or a link in an e-mail. Ever. Nevereverneverevereverevernever do that. Ever. No exceptions
2. Hardened OS/configuration (that's one notch lighter than the power switch... not something I recommend for ordinary use, only here for completeness)
3. Layered security:
3.a. Firewall (Comodo)
3.b. HIPS (Comodo)
3.c. Behaviour Blocker (Qihoo)
3.d. Anti-Virus (Qihoo)
3.e. Adblocker (Adguard or uBlock Origin)
3.f. Browser security extension (pick any really, Avast, BD, Qihoo, etc. -- it's a separate product)
4. VirusTotal Uploader
5. Test stuff on a real VM (VirtualBox) before running on your production host if you have any doubts (and test your security software configuration on it)
6. Never use defaults: make conscientious decisions when configuring every. single. option. Read the manual -- an option so important that there's an acronym for it!

Total cost: $0

I don't know about "Anti-Exploit" software. My only experience with it (MBAE) was one detection, a false positive that couldn't be any more false: it protected Foxit Reader from Foxit Reader during Foxit Reader installation and it kept all my other security software from working. Test on a VM first!
 